rpcrt4: Fix a case of destroying a context handle without first releasing the lock.
Reverse the order of the release statements in NDRSContextMarshall2 for the case where the context handle doesn't have valid data so that the release that releases the lock comes first and then the optional second release doesn't need to release the lock.
This commit is contained in:
parent
51c051c0c4
commit
f6a29a1e73
|
@ -259,21 +259,25 @@ void WINAPI NDRSContextMarshall2(RPC_BINDING_HANDLE hBinding,
|
||||||
RpcRaiseException(status);
|
RpcRaiseException(status);
|
||||||
ndr->attributes = 0;
|
ndr->attributes = 0;
|
||||||
RpcContextHandle_GetUuid(SContext, &ndr->uuid);
|
RpcContextHandle_GetUuid(SContext, &ndr->uuid);
|
||||||
|
|
||||||
|
RPCRT4_RemoveThreadContextHandle(SContext);
|
||||||
|
RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!RpcContextHandle_IsGuardCorrect(SContext, CtxGuard))
|
if (!RpcContextHandle_IsGuardCorrect(SContext, CtxGuard))
|
||||||
RpcRaiseException(ERROR_INVALID_HANDLE);
|
RpcRaiseException(ERROR_INVALID_HANDLE);
|
||||||
memset(ndr, 0, sizeof(*ndr));
|
memset(ndr, 0, sizeof(*ndr));
|
||||||
|
|
||||||
|
RPCRT4_RemoveThreadContextHandle(SContext);
|
||||||
/* Note: release the context handle twice in this case to release
|
/* Note: release the context handle twice in this case to release
|
||||||
* one ref being kept around for the data and one ref for the
|
* one ref being kept around for the data and one ref for the
|
||||||
* unmarshall/marshall sequence */
|
* unmarshall/marshall sequence */
|
||||||
if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE))
|
if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE))
|
||||||
return; /* this is to cope with the case of the data not being valid
|
return; /* this is to cope with the case of the data not being valid
|
||||||
* before and so not having a further reference */
|
* before and so not having a further reference */
|
||||||
|
RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE);
|
||||||
}
|
}
|
||||||
RPCRT4_RemoveThreadContextHandle(SContext);
|
|
||||||
RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/***********************************************************************
|
/***********************************************************************
|
||||||
|
|
Loading…
Reference in New Issue